tinba | 38da97208a41f9ef0abae9c625886cb79ebfd16560f77189bdcf605b089ac98d | Triage

Sharing

General

Target

38da97208a41f9ef0abae9c625886cb79ebfd16560f77189bdcf605b089ac98d.exe
Size

88KB
Sample

241218-gqey2awmdw
MD5

540dfebb0c5bbbda707ea9d8bec40b16
SHA1

565dbec351674b0b0d89c1de06d47051597ebed9
SHA256

38da97208a41f9ef0abae9c625886cb79ebfd16560f77189bdcf605b089ac98d
SHA512

bb7acf917c5f56bae7250dca6b3831c1cd7537a268a051883c81c9ca08ed660fcf548b22f3fef6d2eb6cf925f8924d4da92b2b7578ef2263d7d3623ac5eeda16
SSDEEP

1536:L5nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsNI:L5fvp12UFKcD/6jwqWsNI

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  38da97208a41f9ef0abae9c625886cb79ebfd16560f77189bdcf605b089ac98d.exe
- Size
  
  88KB
- MD5
  
  540dfebb0c5bbbda707ea9d8bec40b16
- SHA1
  
  565dbec351674b0b0d89c1de06d47051597ebed9
- SHA256
  
  38da97208a41f9ef0abae9c625886cb79ebfd16560f77189bdcf605b089ac98d
- SHA512
  
  bb7acf917c5f56bae7250dca6b3831c1cd7537a268a051883c81c9ca08ed660fcf548b22f3fef6d2eb6cf925f8924d4da92b2b7578ef2263d7d3623ac5eeda16
- SSDEEP
  
  1536:L5nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsNI:L5fvp12UFKcD/6jwqWsNI
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan